[Emerging-Sigs] Daily Ruleset Update Summary 09/09/2014

Francis Trudeau ftrudeau at emergingthreats.net
Tue Sep 9 18:11:59 EDT 2014


 [***] Summary: [***]

 4 new Open signatures, 27 new Pro (4+23).  MS Patch Tuesday, Various
Android, Win32.Yakes.

 Thanks:  Kevin Ross

 Check out our Microsoft Patch Tuesday coverage details here:

 http://emergingthreats.net/september-2014-microsoft-patch-tuesday-coverage/

 [+++]          Added rules:          [+++]

 Open:

  2019142 - ET TROJAN Win32/Frosparf.B Downloading Hosts File (trojan.rules)
  2019143 - ET MALWARE PUP Win32.SoftPulse Retrieving data (malware.rules)
  2019144 - ET MALWARE MAC/Conduit Component Download (malware.rules)
  2019145 - ET MALWARE W32/Stan Malvertising.Dropper CnC Beacon (malware.rules)

 Pro:

  2808755 - ETPRO WEB_CLIENT Possible Internet Explorer Use-After-Free CVE-2014-2799 (web_client.rules)
  2808756 - ETPRO WEB_CLIENT Possible Internet Explorer Use-After-Free CVE-2014-4065 (web_client.rules)
  2808757 - ETPRO WEB_CLIENT Possible Internet Explorer Remote Code Execution CVE-2014-4080 (web_client.rules)
  2808758 - ETPRO WEB_CLIENT Possible Internet Explorer Remote Code Execution CVE-2014-4081 (web_client.rules)
  2808759 - ETPRO WEB_CLIENT Possible Internet Explorer Use-After-Free CVE-2014-4084 (web_client.rules)
  2808760 - ETPRO WEB_CLIENT Possible Internet Explorer Use-After-Free CVE-2014-4087 (web_client.rules)
  2808761 - ETPRO WEB_CLIENT Possible Internet Explorer Use-After-Free CVE-2014-4088 (web_client.rules)
  2808762 - ETPRO WEB_CLIENT Possible Internet Explorer Use-After-Free CVE-2014-4089 (web_client.rules)
  2808763 - ETPRO WEB_CLIENT Possible Internet Explorer Use-After-Free CVE-2014-4092 (web_client.rules)
  2808764 - ETPRO WEB_CLIENT Possible Internet Explorer Use-After-Free CVE-2014-4094 (web_client.rules)
  2808765 - ETPRO WEB_CLIENT Possible Internet Explorer Use-After-Free CVE-2014-4095 (web_client.rules)
  2808766 - ETPRO TROJAN Win32.Black.cvdvox Checkin (trojan.rules)
  2808767 - ETPRO TROJAN Win32.Yakes.fpbx C2 Beacon (INBOUND) (trojan.rules)
  2808768 - ETPRO TROJAN Win32.Yakes.fpbx Checkin (trojan.rules)
  2808769 - ETPRO TROJAN Backdoor.Win32.Androm Requesting payload 2 (trojan.rules)
  2808770 - ETPRO TROJAN Backdoor.Win32.Androm Requesting payload (trojan.rules)
  2808771 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Iconosys.a Checkin 6 (mobile_malware.rules)
  2808772 - ETPRO TROJAN Win32.Yakes.fudl Checkin (trojan.rules)
  2808773 - ETPRO MOBILE_MALWARE Android/Koler.B Checkin (mobile_malware.rules)
  2808774 - ETPRO TROJAN Win32.Sasfis Checkin (trojan.rules)
  2808775 - ETPRO TROJAN Trojan.MulDrop3.53344 Checkin (trojan.rules)
  2808776 - ETPRO TROJAN Win32/ProxyChanger.EO Checkin 2 (trojan.rules)
  2808777 - ETPRO MOBILE_MALWARE Android.Svpeng.D Checkin (mobile_malware.rules)


 [///]     Modified active rules:     [///]

  2001219 - ET SCAN Potential SSH Scan (scan.rules)
  2014726 - ET POLICY Outdated Windows Flash Version IE (policy.rules)
  2014727 - ET POLICY Outdated Mac Flash Version (policy.rules)
  2017817 - ET CURRENT_EVENTS Sweet Orange Landing Page Dec 09 2013 (current_events.rules)
  2018998 - ET CURRENT_EVENTS Archie EK Landing Aug 24 2014 (current_events.rules)
  2806076 - ETPRO TROJAN Win32/Carberp.A Checkin 3 (trojan.rules)
  2808050 - ETPRO TROJAN Trojan-Ransom.Win32.Blocker.jgb Checkin (trojan.rules)
  2808480 - ETPRO TROJAN Trojan.Win32.Banload.BTVS SQL Checkin (trojan.rules)
  2808658 - ETPRO CURRENT_EVENTS FlashPack URI Struct Thread 1 Specific (current_events.rules)
  2808717 - ETPRO EXPLOIT Netcore Router Backdoor Usage (exploit.rules)


 [---]  Disabled and modified rules:  [---]

  2014618 - ET TROJAN W32/Sogu Remote Access Trojan Social Media Embedded CnC Channel (trojan.rules)


 [---]         Removed rules:         [---]

  2403338 - ET CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules)
  2403339 - ET CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules)
  2808415 - ETPRO MALWARE PUP Win32.SoftPulse Retrieving data (malware.rules)
  2808602 - ETPRO MOBILE_MALWARE Android/Crosate.N Checkin (mobile_malware.rules)

